Privacy Policy

Controller identity and representative functions

The controller within the meaning of Articles 4(7) and 24 GDPR is the service operator using the brand Purifythbio at the address stated in the hero card. Where we process employee or contractor data, separate notices govern HR folders and are available internally.

Material and territorial scope

This statement covers visitors to https://purifythbio.world, purchasers of digital publications, participants in remote guidance sessions, newsletter subscribers, and individuals who email us from any country. If you merely load a cached copy delivered through a CDN, the sections on technical logs still apply.

Categories of personal data

• Identity data: name elements, professional title (if volunteered), preferred salutation.
• Contact data: postal work address, phone, email, timezone descriptors.
• Financial data: IBAN fragments, payment confirmations, VAT identifiers on invoices.
• Interaction data: support transcripts, coaching notes prepared collaboratively, workshop evaluations.
• Technical data: IP address, user agent, language header, referrer URL, timestamp.
• Preference data: cookie banner flags, accessibility accommodation lists, communication channel preferences.
• Special categories: we do not aim to collect health data, yet free-text fields might reference symptoms. We instruct staff to minimise such notes and delete incidental medical detail unless a statutory exception applies.

Sources of data

Most records originate directly from you. We may receive transactional references from payment processors, fraud-screening services, or accountants reconciling ledgers. If you participate in joint webinars hosted with universities, the partner may relay registration details under documented instructions.

Processing purposes and legal bases

• Website delivery (Art. 6(1)(b) / (f)): TLS termination, denial-of-service mitigation, abuse ticketing.
• Contract performance (Art. 6(1)(b)): issuing invoices, transferring download links, scheduling guidance.
• Compliance (Art. 6(1)(c)): tax archives, sanction screening where mandated, responding to court orders.
• Legitimate interests (Art. 6(1)(f)): internal analytics on article performance when no consent is required, cybersecurity threat hunting balanced via DPIA notes.
• Consent (Art. 6(1)(a)): non-essential cookies, certain marketing journeys, optional case studies quoting readers.

Consent management and withdrawal

Granular consent for cookies can be adjusted through the banner controls on each page. Marketing consents carry their own audit log showing timestamp, language version, and proof of double opt-in when required. Withdrawal mirrors the ease of giving consent; you may email us to propagate a withdrawal across systems within reasonable technician availability.

Processors, recipients, and third-country transfers

Typical processor categories include EU-based hosting, transactional email relay, accounting SaaS, and optional analytics suites activated only after consent. Where a vendor stores data in the United States or other third countries, we execute Standard Contractual Clauses plus transfer impact assessments. Copies of redacted SCC references are available upon request.

Retention schedule

• Marketing consents: three years of inactivity.
• Contact form archives: twenty-four months after last substantive exchange unless litigation holds apply.
• Accounting records: up to ten years per German HGB / AO requirements.
• Security logs: ninety days rolling unless an incident extends forensic preservation.
• Newsletter unsubscribes: minimal suppression hashes indefinitely to honour opt-out.

Security measures

We implement TLS 1.2+, segregated admin accounts, encrypted devices for remote staff, quarterly access reviews, and vendor questionnaires. Incident response runbooks include notification timelines aligned with Articles 33–34 GDPR. No control eliminates all risk; please use unique passwords when creating optional accounts.

Automated decision-making and profiling

We do not perform automated decisions with legal effect. Lightweight segmentation for editorial surveys may cluster readers by geography or content tags, yet humans retain final discretion on outreach lists.

Data subject rights

You may request access, rectification, erasure, restriction, portability, and objection by emailing service@purifythbio.world with subject “DSR” plus a description of the right invoked. We verify identities proportionally. Responses normally ship within one month; complex cases may extend by two further months with explanation.

Supervisory authority contacts

Without prejudice to other remedies, you may lodge a complaint with the Berlin Commissioner for Data Protection and Freedom of Information (https://www.datenschutz-berlin.de) or your habitual residence authority under Article 77 GDPR.

Children

Offers target adults capable of forming valid consent. If guardians discover submissions from minors, notify us for prompt assessment and deletion where appropriate.

Business-to-business relationships

When you represent an organisation, we process your professional contact details under Article 6(1)(f) for negotiating contracts and maintaining supplier due diligence dossiers separate from consumer-facing archives.

Policy evolution and archives

Material updates receive a change log excerpt at the bottom of this page via the dynamic date stamp. Prior versions are stored offline for regulatory inquiries. Continued use after notification constitutes awareness unless fresh consent is legally required.

Contact points for privacy queries

Email remains the preferred channel for structured requests. Postal inquiries should reference “Privacy” on the envelope. If we designate a data protection officer in the future, this section will list direct coordinates.